Posts Of The Week 2021-01-22
This blog post is such a great example of why it is difficult to create great software. So often you have to make impossible choices between security and backward-compatibility.
Today’s Go security release fixes an issue involving PATH lookups in untrusted directories that can lead to remote execution during the go get command. We expect people to have questions about what exactly this means and whether they might have issues in their own programs. This post details the bug, the fixes we have applied, how to decide whether your own programs are vulnerable to similar problems, and what you can do if they are.
- Russ Cox
https://blog.golang.org/path-security
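The quoted post describes the class of bug: a PATH lookup that resolves to a file in an untrusted (current) directory, so a helper binary like git can be substituted by whoever controls that directory. The Go example below is added here as an illustration and is not code from the Go blog post or from the Go project itself. It assumes the mitigation of refusing any lookup result that is not an absolute path, plus a check for PATH entries (".", an empty element, or any relative entry) that make lookups consult the working directory. The helper names `LookPathAbs`, `HasUntrustedPathEntry` and `ErrUntrustedDir` are my own, and the scratch directory with a fake `git` script is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"os"
	"os/exec"
	"path/filepath"
)

// ErrUntrustedDir is returned when a PATH lookup resolves to a relative
// location, i.e. to a file in the current (possibly untrusted) directory.
// Hypothetical helper written for this example, not part of the standard library.
var ErrUntrustedDir = errors.New("executable resolved relative to the current directory")

// LookPathAbs wraps exec.LookPath and refuses any result that is not an
// absolute path. With PATH entries such as "." or "" the standard lookup can
// pick a binary that merely happens to sit in the current directory; this
// wrapper turns that into an error instead of a silent hit. Newer Go releases
// already report the situation as an error from LookPath; older ones return the
// relative path with a nil error, which the IsAbs check below catches.
func LookPathAbs(name string) (string, error) {
	p, err := exec.LookPath(name)
	if err != nil {
		return "", err
	}
	if !filepath.IsAbs(p) {
		return "", fmt.Errorf("%s resolved to %q: %w", name, p, ErrUntrustedDir)
	}
	return p, nil
}

// HasUntrustedPathEntry reports whether a PATH-style list contains an element
// that makes lookups consult the current directory: ".", an empty element, or
// any other relative entry.
func HasUntrustedPathEntry(pathList string) bool {
	for _, dir := range filepath.SplitList(pathList) {
		if dir == "" || !filepath.IsAbs(dir) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed demo: a scratch directory holding an executable named "git",
	// entered as the working directory with PATH restricted to ".".
	dir, err := os.MkdirTemp("", "pathdemo")
	if err != nil {
		log.Fatal(err)
	}
	defer os.RemoveAll(dir)
	script := filepath.Join(dir, "git")
	if err := os.WriteFile(script, []byte("#!/bin/sh\necho not-the-real-git\n"), 0o755); err != nil {
		log.Fatal(err)
	}
	if err := os.Chdir(dir); err != nil {
		log.Fatal(err)
	}
	os.Setenv("PATH", ".")
	fmt.Println("PATH consults the current directory:", HasUntrustedPathEntry(os.Getenv("PATH")))
	if _, err := LookPathAbs("git"); err != nil {
		fmt.Println("lookup refused:", err)
	} else {
		fmt.Println("unexpected: lookup accepted")
	}
}
```

The two checks serve different moments: `HasUntrustedPathEntry` is a cheap audit you can run at startup or in CI to flag an environment that is exposed to this class of bug, while `LookPathAbs` is the guard to use at the call site where a tool is actually resolved and executed.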
As I wrote to Tanya,
I have been in two orgs where peer reviews came across as condescending and nitpicky. The CTO didn’t do much to address the situation. It really disincentivizes talking candidly about trade-offs. Thanks. I’ve shared this with $my_current_job because this is what’s needed to change the culture of a company.
https://leaddev.com/technical-decision-making/accentuate-negative-making-non-perfect-decision